<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Kali Toolbox</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>responder Package Description</h2>
<p style="text-align: justify;">This tool is first an LLMNR and NBT-NS responder; it answers *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool only answers File Server Service requests, which are for SMB. The concept behind this is to target our answers and be stealthier on the network. This also helps to ensure that we don’t break legitimate NBT-NS behavior. You can set the -r option to 1 via the command line if you want this tool to answer the Workstation Service request name suffix.</p>
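<p>Added example (not part of the Responder project or of the original page): a Python parser for NBT-NS name queries that extracts the name suffix described above and lists the hosts that broadcast File Server Service (0x20) lookups, which are the queries a responder answers by default. The packet bytes, addresses and host names are constructed sample data, and the function names are illustrative.</p>

```python
import struct

# 16th-byte NetBIOS suffixes the paragraph refers to (Microsoft KB 163409).
FILE_SERVER, WORKSTATION = 0x20, 0x00

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: 15 padded chars + suffix, one nibble per byte."""
    raw = name.upper()[:15].ljust(15).encode("ascii") + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def build_query(txid, name, suffix):
    """Constructed broadcast NBT-NS name query (UDP/137 payload), for sample input."""
    header = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)  # RD + broadcast flags
    return header + b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">HH", 0x20, 1)

def parse_query(pkt):
    """Return (name, suffix, is_broadcast); raise ValueError on anything malformed."""
    if len(pkt) < 50:  # 12 header + 1 length + 32 name + 1 terminator + 4 type/class
        raise ValueError("truncated NBT-NS packet")
    flags, qdcount = struct.unpack(">HH", pkt[2:6])
    if flags & 0x8000 or qdcount != 1 or pkt[12] != 0x20:
        raise ValueError("not a single-question name query")
    enc = pkt[13:45]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("invalid first-level encoding")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15], bool(flags & 0x0010)

def triage(captures):
    """Map each source host to the names it broadcast with the File Server suffix."""
    hosts = {}
    for src, pkt in captures:
        try:
            name, suffix, bcast = parse_query(pkt)
        except ValueError:
            continue  # not a parsable NBT-NS query; skip it
        if bcast and suffix == FILE_SERVER:
            hosts.setdefault(src, []).append(name)
    return hosts

# Constructed sample capture: (source IP, UDP payload). All values are made up.
SAMPLE = [
    ("192.0.2.10", build_query(0x1001, "FILESRV01", FILE_SERVER)),
    ("192.0.2.11", build_query(0x1002, "HOSTPC07", WORKSTATION)),
    ("192.0.2.12", b"\x00\x01garbage"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

<p>Hosts that appear in the result are still falling back to broadcast name resolution for file-server names; disabling NetBIOS over TCP/IP and LLMNR on them removes the queries this kind of responder depends on.</p>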
<p>Source: https://github.com/SpiderLabs/Responder<br>
<a href="https://github.com/SpiderLabs/Responder" variation="deepblue" target="blank">responder Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/responder.git;a=summary" variation="deepblue" target="blank">Kali responder Repo</a></p>
<ul>
<li>Author: Trustwave Holdings, Inc., Laurent Gaffie</li>
<li>License: GPLv3</li>
</ul>
<h3>Tools included in the responder package</h3>
<h5>responder – NBT-NS/LLMNR Responder</h5>
<code>root@kali:~# responder -h<br>
Usage: python /usr/bin/responder -i 10.20.30.40 -b On -r On<br>
<br>
Options:<br>
  -h, --help            show this help message and exit<br>
  -A, --analyze         Analyze mode. This option allows you to see NBT-NS,<br>
                        BROWSER, LLMNR requests from which workstation to<br>
                        which workstation without poisoning anything.<br>
  -i 10.20.30.40, --ip=10.20.30.40<br>
                        The ip address to redirect the traffic to. (usually<br>
                        yours)<br>
  -I eth0, --interface=eth0<br>
                        Network interface to use<br>
  -b Off, --basic=Off   Set this to On if you want to return a Basic HTTP<br>
                        authentication. Off will return an NTLM<br>
                        authentication.This option is mandatory.<br>
  -r Off, --wredir=Off  Set this to enable answers for netbios wredir suffix<br>
                        queries. Answering to wredir will likely break stuff<br>
                        on the network (like classics 'nbns spoofer' will).<br>
                        Default value is therefore set to Off<br>
  -f Off, --fingerprint=Off<br>
                        This option allows you to fingerprint a host that<br>
                        issued an NBT-NS or LLMNR query.<br>
  -w On, --wpad=On      Set this to On or Off to start/stop the WPAD rogue<br>
                        proxy server. Default value is Off<br>
  -F Off, --ForceWpadAuth=Off<br>
                        Set this to On or Off to force NTLM/Basic<br>
                        authentication on wpad.dat file retrieval. This might<br>
                        cause a login prompt in some specific cases. Default<br>
                        value is Off<br>
  --lm=Off              Set this to On if you want to force LM hashing<br>
                        downgrade for Windows XP/2003 and earlier. Default<br>
                        value is Off<br>
  -v                    More verbose</code>
<h3>responder Usage Example</h3>
<p>Specify the IP address to redirect to <b><i>(-i 192.168.1.202)</i></b>, and enable the WPAD rogue proxy <b><i>(-w On)</i></b>, answers for NetBIOS wredir <b><i>(-r On)</i></b>, and fingerprinting <b><i>(-f On)</i></b>:</p>
<code>root@kali:~# responder -i 192.168.1.202 -w On -r On -f On<br>
NBT Name Service/LLMNR Responder 2.0.<br>
Please send bugs/comments to: lgaffie@trustwave.com<br>
To kill this script hit CRTL-C<br>
<br>
[+]NBT-NS &amp; LLMNR responder started<br>
[+]Loading Responder.conf File..<br>
Global Parameters set:<br>
Responder is bound to this interface:ALL<br>
Challenge set is:1122334455667788<br>
WPAD Proxy Server is:ON<br>
WPAD script loaded:function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}<br>
HTTP Server is:ON<br>
HTTPS Server is:ON<br>
SMB Server is:ON<br>
SMB LM support is set to:OFF<br>
SQL Server is:ON<br>
FTP Server is:ON<br>
IMAP Server is:ON<br>
POP3 Server is:ON<br>
SMTP Server is:ON<br>
DNS Server is:ON<br>
LDAP Server is:ON<br>
FingerPrint Module is:ON<br>
Serving Executable via HTTP&amp;WPAD is:OFF<br>
Always Serving a Specific File via HTTP&amp;WPAD is:OFF</code>
</div></section>
</main></body></html>
